There is some IPA-specific dogtag SELinux policy in selinux/ipa_dogtag related to mapping some files as cert_t. Investigate whether this is still needed or whether this can be done another way, including moving the policy to the selinux team.
Ok. Ideally, I think the goal should be to move all our SELinux configuration to system SELinux policy and only control it via SELinux booleans and drop freeipa-server-selinux package altogether.
freeipa-server-selinux
Investigated together with #3683.
Patch ''freeipa-mkosek-411-drop-redundant-directory-var-cache-ipa-sessions.patch'' sent for review freeipa-mkosek-411-drop-redundant-directory-var-cache-ipa-sessions.patch
attachment freeipa-mkosek-410-drop-selinux-subpackage.patch
master:[[BR]] 6d66e82 Drop redundant directory /var/cache/ipa/sessions[[BR]] ad6abdb Drop SELinux subpackage[[BR]]
ipa-3-2:[[BR]] a91d080 Drop SELinux subpackage[[BR]] ce5d7de Use pkg-config to detect cmocka[[BR]]
Metadata Update from @rcritten: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 3.3 - 2013/06
Login to comment on this ticket.